The General Data Protection Regulation, otherwise known as GDPR, is a topic that has been heavily covered across international media outlets. With the new legislation created by the European Parliament due to be set in stone on 25th May 2018, businesses across the globe are looking at ways to adapt their current operational methods so that they comply with the new expectations, which heighten the security surrounding the data of European citizens.
Although Britain is in the process of leaving the European Union after the Brexit vote in 2016, GDPR will be adopted into British law and will eventually replace the Data Protection Act 1998 – which many companies in the UK are already familiar with.
We (Media Works) have teamed up with United Carlton, who are print management software specialists, to find out what GDPR is and how it can impact businesses both inside and outside of Europe.
What is GDPR and how will it affect businesses?
GDPR has been in the pipeline for over five years, with the European Parliament finally agreeing to help strengthen and unify data protection of citizens across the continent. If your business does not follow the guidelines set out, it could be detrimental to your entire operations.
However, it’s important to understand that this legislation will not only apply to businesses that are registered here in Europe, but also to those outside of the continent that are collecting data of Europeans for business purposes and advantage.
As the name suggests, it’s all about protecting personal data, and the arrival of the legislation couldn’t be more timely, with digital advancements allowing businesses to capitalise on the information of people around the world. One example is the world’s biggest social media platform, Facebook, which has recently renewed its data policies after the Cambridge Analytica scandal.
Although the Data Protection Act had consequences for non-compliant businesses, companies that aren’t updating their procedures to align with the GDPR expectations will experience worsened penalties that could be detrimental to a business.
Unlike previous pieces of legislation, the penalties for non-compliant businesses have worsened to discourage any inappropriate handling of data. To discourage the misuse of data and to reduce the risk of personal data leaks, businesses that are prone to a data breach could be fined 4% of their annual turnover or an astonishing €20m, whichever is greater.
Citizens of Europe will have the right to expect that their data is being collected, used, stored, transferred and disposed of in the correct way, and the legislation makes it easier for them to commence legal action if their personal data is misused by an organisation. This has led many organisations to change the ways they process data on behalf of an individual.
GDPR can influence many areas of business operations, and we’ve heard countless times how this legislation can impact CRM systems and marketing databases – but did you know that your business’ networked printers could be affected as a result, too?
Is your office printer at risk of GDPR penalties?
Many businesses will not think twice about the relationship that GDPR may have with their networked printers, and will probably think that the penalties only apply to the likes of Google and Facebook, but it’s important to understand that the penalty is the same for all, no matter the size of the organisation.
When it comes to the office essentials that we use every day, the advancements and technological growth are phenomenal. The majority of our printers, photocopiers, fax machines and more are classed as smart and internet-capable, or endpoint devices. In terms of business productivity in our digitally-steered society, our modern printers have heightened levels of access to company networks and enable increased access to and movement of information.
It’s important to be aware that a lot of hackers gain access to a business’ network through endpoints that aren’t fully secured, a prime example being the WannaCry attack on the National Health Service. The NHS hackers gained access by finding the vulnerable points in their outdated SMB protocols, which networked printers and other technologies use. This is why GDPR is an intense piece of legislation that must be taken seriously when it comes into action, to ensure the security of all types of data.
If your printer does not have a pull-printing solution, which allows an internal server to withhold a job and wait for the user to come and authorise the printing activity, human error could be a key cause of mishandled data, which could have negative implications for your business in regard to GDPR. For example, documents could be left waiting to be collected and could then be collected by the wrong person, creating a security vulnerability, whether accidental or deliberate: in other words, a data breach.
Many businesses will not monitor individual print activities, so there would be no way to track down who printed certain documents, who collected them and where they may be now. This increases risk and confirms that there is no method of preventing unauthorised usage of the materials that could be contained in a document if it is obtained by the wrong person.
Smart printers usually contain hard disks, flash memory and data storage, which could be a risk to data security if not properly secured. From cyberattacks to when the device may be sold, exchanged or returned, the information could still be easily accessed, including the history of documents printed as well as the information within them.
With an increase in data breaches and a key focus on data protection within Europe, businesses must be looking to enhance their security measures to ensure that no information is mishandled. Measures range from installing features that ensure documents can only be claimed by the person who printed them, using a specific passcode, identification card or biometrics, to rule-based controls that give companies greater insight into internal procedures for authorised personnel and departments within the business.